Great news: Company in charge of fixing Healthcare.gov got federal rebuke for lax security

Ed MorrisseyPosted at 9:21 am on November 1, 2013

How does the White House restore confidence in the effort to fix a web portal on which they spent $400 million and 42 months? Apparently, it involves bringing in the same people who had to fix things after their previous substandard deliveries, too. QSSI, which just got the job of being prime contractor on the Healthcare.gov “tech surge,” spent the summer dealing with an HHS Inspector General report that slammed the company for allowing easy access to millions of Medicare accounts (via Jeff Dunetz):

A contractor heavily involved in repairing HealthCare.gov was previously criticized for endangering the personal data of more than 6 million government beneficiaries through insufficient security controls.

Lax data safety at Quality Software Services, Inc. (QSSI) was deemed a “high” risk in a June probe by federal investigators that revealed the company had failed to stop its employees from connecting unauthorized USB devices to highly sensitive Medicare systems.

The June report by the Health and Human Services (HHS) inspector general revealed that QSSI’s inaction allowed workers to connect unsanctioned devices such as iPods to 29 out of the 30 workstations studied, all of which had access to millions of Medicare patients’ personal data.

The unhindered access to USB ports raised the possibility that workers could have introduced malware to Medicare’s systems or “inappropriately accessed” personally identifiable details, the report stated.

The information of more than 6 million Medicare beneficiaries was at “greater risk from malware, inappropriate access or theft” as a result, wrote HHS assistant inspector general Kay Daily.

This morning, CBS News host Charlie Rose asked analyst John Dickerson was asked what the White House could do to “get on top” of the ObamaCare story. “Well, I think he gets on top of this by having a website that actually works,” Dickerson replied. They might try finding contractors who have a track record of actual success in delivery and security, too. That might begin by getting rid of the people who chose these same contractors in the first place, and who squandered $400 million and 42 months to deliver incompetence, and possibly worse. But in the end, Dickerson makes it clear that the White House won’t “get on top” of the story as long as they keep lying about their earlier lies: